[Openswan Users] OS2.1.1+linux-2.4.26: pluto falls with Segmentation fault

Anatoly Ershov it at ostankino.ru
Tue May 18 20:59:06 CEST 2004 

Hi!
I have troubles running Openswan 2.1.1 on linux-2.4.26, Debian 3.0: 
Pluto fails due to Segmentation fault. Here's syslog lines.


 18 18:16:24 ural ipsec_setup: Starting Openswan IPsec 2.1.1...
 18 18:16:24 ural ipsec_setup: Using 
/lib/modules/2.4.26-p4/kernel/net/ipsec/ipsec.o
May 18 18:16:24 ural kernel: klips_info:ipsec_init: KLIPS startup, 
FreeS/WAN IPSec version: 2.1.1
May 18 18:16:24 ural ipsec_setup: KLIPS debug `none'
May 18 18:16:24 ural kernel:
May 18 18:16:24 ural ipsec_setup: KLIPS ipsec0 on eth0 
212.12.66.230/255.255.255.192 broadcast 212.12.66.255
May 18 18:16:24 ural ipsec_setup: ...Openswan IPsec started
May 18 18:16:24 ural pluto[5913]: Starting Pluto (Openswan Version 2.1.1 
X.509-1.4.8 PLUTO_USES_KEYRR)
May 18 18:16:24 ural pluto[5913]:   including NAT-Traversal patch 
(Version 0.6c) [disabled]
May 18 18:16:24 ural pluto[5913]: Using KLIPS IPsec interface code
May 18 18:16:24 ural pluto[5913]: Changing to directory 
'/etc/ipsec.d/cacerts'
May 18 18:16:24 ural pluto[5913]:   loaded cacert file 'ttc-ca.crt' 
(3881 bytes)
May 18 18:16:24 ural pluto[5913]: Changing to directory '/etc/ipsec.d/crls'
May 18 18:16:24 ural pluto[5913]:   loaded crl file 'ttc-ca.crl' (1787 
bytes)
May 18 18:16:24 ural ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: 
line 1:  5913 Segmentation fault      /usr/local/libexec/ipsec/pluto 
--nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d 
--debug-dns --uniqueids
May 18 18:16:24 ural ipsec__plutorun: whack: is Pluto running?  
connect() for "/var/run/pluto.ctl" failed (111 Connection refused)
May 18 18:16:24 ural ipsec__plutorun: !pluto failure!:  exited with 
error status 139 (signal 11)


I succeeded to run openswan built from the same source with the same 
openswan-patched vanilla kernel on Debian/testing; both kernel and 
openswan are built on machines, on which they are run. On Debian/testing 
pluto failed in the same manner, until I put "plutodebug=all" in 
ipsec.conf; "none" and, say, "dns" will bring to SegFault. On 
Debian/stable (3.0) it just dies.

I tried to build gmp-4.1.3 from source and link openswan programs with 
it, instead of installed libgmp3{,-dev} packages (ver. 4.0.1-3) -- it 
doesn't help.


Any ideas? May be, too long keys I used in building x509 certificates -- 
4096 for CA?
Two barfs are placed here:
http://age.pp.ru/~ershov/barf.ural.bz2   -- from openswan linked with 
stock libgmp3
http://age.pp.ru/~ershov/barf.ural+gmp-4.1.3.bz2 -- from that linked 
with gmp-4.1.3 taken from its home site.

Sincerely,
Anatoly

More information about the Users mailing list